Monday, July 2, 2012

Mac espionage trojan targets Uighur activists

from scmagazine.com

Researchers at Kaspersky Lab said Friday that they have come across a new "advanced persistent threat

(APT)" campaign targeting Uighur activists who use Mac OS X.

The backdoor, dubbed MaControl.b, is being used to spy on Uighur dissidents. On Wednesday, researchers said they discovered the "new wave" of APT attacks targeting the Turkik-speaking Muslim group, which mostly lives in the northwest Chinese province of Xinjiang.

The attackers are sending their prospective victims legitimate looking emails that contain a difficult-to-detect exploit disguised in a ZIP file, which is attached.

"When executed, it installs itself in the system and connects to its command-and-control server to get instructions," wrote Costin Raiu, a senior security researcher at Kaspersky, in a blog post. "The backdoor allows its operator to list files, transfer files and generally run commands on the infected machine."

The Uighurs have sought greater religious freedoms and autonomy, and have staged a number of uprisings against Chinese rule. The U.S. State Department has called out the Chinese government for repressing and committing human rights abuses against the minority group.

This is not the first time this year that virus authors have customized their wares to run on the Mac and go after dissidents. In March, the security firm AlienVault reported that Tibetan activists were being targeted by remote access trojans, or RATs, which took advantage of a three-year-old vulnerability in Microsoft word.

"With Macs growing in popularity and their increased adoption by high-profile targets, we expect the number of Mac OS X APT attacks will also grow," Raiu wrote.

I have always admitted as much. Apple itself was careful to say that Macs don't get "Windows" viruses (which have traditionally comprised the majority of infections) rather than claiming blanket invulnerability to all potential malware.

Because Apple's platforms are attacked far less often, and less severely that its competition. Thus makes them safer in practice, if not more secure in absolute terms. Haters have attributed the difference to the Macs significantly lower marketshare, and to iOS' walled App garden, and not to any inherent superiority of Apple's hardware or software. Be that as it may, Apple's users have simply not had the same degree of problems and overhead of dealing with malware. Hate us for stating the truth if you must.